mirror of https://github.com/logto-io/logto.git synced 2025-02-17 22:04:19 -05:00

feat(core): support base64 format OIDC_PRIVATE_KEYS config in .env file (#1903)

Xiao Yijun 2022-09-08 17:49:36 +08:00 committed by GitHub
parent b90f072bef
commit 5bdb6755d2
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 27 additions and 11 deletions


@ -17,22 +17,30 @@ describe('oidc env-set', () => {
jest.resetModules();
});
it('should read OIDC private keys if `OIDC_PRIVATE_KEYS` is provided', async () => {
process.env.OIDC_PRIVATE_KEYS = 'foo, bar';
it('should read OIDC private keys if raw `OIDC_PRIVATE_KEYS` is provided', async () => {
const rawKeys = [
'-----BEGIN PRIVATE KEY-----\nFOO\n-----END PRIVATE KEY-----',
'-----BEGIN PRIVATE KEY-----\nBAR\n-----END PRIVATE KEY-----',
];
process.env.OIDC_PRIVATE_KEYS = rawKeys.join(',');
const privateKeys = await readPrivateKeys();
expect(privateKeys).toEqual([
'-----BEGIN PRIVATE KEY-----\nFOO\n-----END PRIVATE KEY-----',
'-----BEGIN PRIVATE KEY-----\nBAR\n-----END PRIVATE KEY-----',
]);
});
it('should transpile and read OIDC private keys if base64-formatted `OIDC_PRIVATE_KEYS` is provided', async () => {
const base64Keys = ['foo', 'bar'].map((key) => Buffer.from(key, 'utf8').toString('base64'));
process.env.OIDC_PRIVATE_KEYS = base64Keys.join(',');
const privateKeys = await readPrivateKeys();
expect(privateKeys).toEqual(['foo', 'bar']);
});
it('should read OIDC private keys if provided `OIDC_PRIVATE_KEYS` contain newline characters', async () => {
process.env.OIDC_PRIVATE_KEYS = 'foo\nbar, bob\noop';
const privateKeys = await readPrivateKeys();
expect(privateKeys).toEqual(['foo\nbar', 'bob\noop']);
});
it('should read OIDC private keys if `OIDC_PRIVATE_KEY_PATHS` is provided', async () => {
process.env.OIDC_PRIVATE_KEY_PATHS = 'foo.pem, bar.pem';
const existsSyncSpy = jest.spyOn(fs, 'existsSync').mockReturnValue(true);
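Review bot: The base64 test encodes the placeholders `'foo'` and `'bar'`, so it never round-trips a PEM body with armor lines and embedded newlines, which is the input this feature exists for. Encoding the PEM strings from the raw-key test and expecting them back unchanged would pin the realistic path. A further case with a value that is neither PEM nor valid base64 would document how malformed input in `OIDC_PRIVATE_KEYS` is handled. The `OIDC_PRIVATE_KEY_PATHS` test at the end of this section continues outside the visible lines.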


@ -15,6 +15,8 @@ const defaultLogtoOidcPrivateKeyPath = './oidc-private-key.pem';
const listFormatter = new Intl.ListFormat('en', { style: 'long', type: 'conjunction' });
const isBase64FormatPrivateKey = (key: string) => !key.includes('-');
/**
* Try to read private keys with the following order:
*
@ -30,7 +32,13 @@ export const readPrivateKeys = async (): Promise<string[]> => {
const privateKeys = getEnvAsStringArray('OIDC_PRIVATE_KEYS');
if (privateKeys.length > 0) {
return privateKeys;
return privateKeys.map((key) => {
if (isBase64FormatPrivateKey(key)) {
return Buffer.from(key, 'base64').toString('utf8');
}
return key;
});
}
const privateKeyPaths = getEnvAsStringArray('OIDC_PRIVATE_KEY_PATHS');
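Review bot: `isBase64FormatPrivateKey` treats every value without a `-` as base64, and `Buffer.from(key, 'base64')` skips invalid characters instead of throwing, so a truncated or mistyped entry in `OIDC_PRIVATE_KEYS` is silently decoded to garbage rather than rejected when the keys are read. Conversely, a value in the URL-safe base64 alphabet may contain `-` and would be returned undecoded. Consider validating the decoded text inside the `map` callback, for example `if (!decoded.includes('-----BEGIN')) { throw new Error('OIDC_PRIVATE_KEYS entry is not a PEM key'); }`, keeping the key material itself out of the message; the base64 test would then need real PEM input. A one-line comment on `isBase64FormatPrivateKey` stating that PEM armor lines always contain `-` would make the heuristic explicit. `readPrivateKeys` continues outside the hunk.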